Re: firewalling high-numbered ports (WAS: [PLUG] Problems with Apache and FTP)
Bill Jonas wrote:
>
> On Mon, Apr 29, 2002 at 01:39:32PM -0400, Philip Ravenscroft wrote:
> > This lets in all non-SYN packets that originate on port 80 (e.g.
> > return requests when I browse a Web site).
>
> Actually, http requests don't originate on port 80, they originate on
> some other port that's higher than 1024. The server's responses
> originate on port 80, though.

Apr 30 18:04:24 friendly kernel: Forward WWW Request IN=eth0 OUT=
MAC=00:40:05:3a:33:a5:00:10:e8:09:14:dc:08:00 SRC=195.82.196.158
DST=64.194.227.197 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1438 DF
PROTO=TCP SPT=1146 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0

The source port can be anything, as indicated by my logs, but the
destination port is 80 for Apache. Apache then responds on dport 80
with the fulfilled request.

>
> --
> Bill Jonas * bill@billjonas.com * http://www.billjonas.com/
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety." -- Benjamin Franklin
>
--
Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <
Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
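
Added example (not part of the original message or the list archive): a small Python parser for netfilter LOG lines like the one pasted above. It reads SPT, DPT and the TCP flags to tell client requests from server replies, and evaluates the stateless "non-SYN packets from port 80" rule quoted in the thread; the function names and the second log line are constructed for illustration.

```python
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Log line from the message above, re-joined onto one line.
SAMPLE = ("Apr 30 18:04:24 friendly kernel: Forward WWW Request IN=eth0 OUT= "
          "MAC=00:40:05:3a:33:a5:00:10:e8:09:14:dc:08:00 SRC=195.82.196.158 "
          "DST=64.194.227.197 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1438 DF "
          "PROTO=TCP SPT=1146 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0")

# Constructed line (documentation addresses): a web server's SYN/ACK reply.
REPLY = ("May  1 09:00:00 host kernel: IN=eth0 OUT= SRC=192.0.2.10 "
         "DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=4242 DF "
         "PROTO=TCP SPT=80 DPT=40312 WINDOW=5840 RES=0x00 ACK SYN URGP=0")


def parse(line):
    """Split a netfilter LOG line into KEY=value fields and a set of TCP flags."""
    fields, flags, in_tcp = {}, set(), False
    for tok in line.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val
            in_tcp = in_tcp or tok == "PROTO=TCP"
        elif in_tcp and tok in TCP_FLAGS:
            flags.add(tok)  # bare words after PROTO=TCP are the TCP flags
    return fields, flags


def is_bare_syn(flags):
    """Same test as iptables --syn: SYN set, ACK/RST/FIN clear."""
    return "SYN" in flags and not flags & {"ACK", "RST", "FIN"}


def classify(line, server_port=80):
    """Return (direction, opens_new_connection) for a logged TCP packet."""
    fields, flags = parse(line)
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    if dpt == server_port:
        direction = "client->server"   # request: any source port, DPT 80
    elif spt == server_port:
        direction = "server->client"   # response: SPT 80, client's port as DPT
    else:
        direction = "other"
    return direction, is_bare_syn(flags)


def stateless_rule_accepts(line, server_port=80):
    """Rule quoted in the thread: accept non-SYN packets with source port 80."""
    fields, flags = parse(line)
    return int(fields["SPT"]) == server_port and not is_bare_syn(flags)
```

The rule matches on source port and flags only; it keeps no record of whether the local host opened the connection the packet claims to belong to.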